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Data processing device. 



® An IC card comprises CPU (33), PROM (34) for storing 
programs, and RAM (35) for storing the results of arithmetic 
operations. PROM (34) stores a table on which the names of 
specific programs are registered. RAM (35) has execution 
counters which counts up each time each program is run so 
that the number of times the specific program is run is 
memorized. Prior to the running of each program by CPU 
(33). it is judged whether or not the program is a specific 
one. If it is the specific program, the execution counter 
counts up. When the count value of the execution counter is 
above a predetermined value, the running of the specific 
program is prevented. 
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Data processing device 

This invention relates to a data processing device, 
and more particularly, to the protection of a specific 
program run in a portable data processing device such 
as an IC card which includes a microcomputer, ROM, RAM, 
5 etc • 

Banks have recently issued IC cards which have a 
RAM for storing an account number and transaction 
data, a ROM for storing a control program, and a micro- 
processor. The ROM memorizes a password of the card. 

10 Only when the password input in a keyboard of a bank 
terminal unit coincides with that stored in the data 
processing device, can the card be used, so that illegal 
use of the card by a third person is prevented • 
However, illegal use by its owner is not prevented. For 

15 example, the ROM stores a coding process program for the 
communucation between the IC card and the host computer, 
which must be kept secret from the user (owner of the 
card). The IC card stores many other secret programs as 
well. The algorithm of these programs can be discovered 

20 if they are run millions of times or more. It has so 

far been impossible to completely prevent illegal use of 
the IC card by the owner through the discovery of the 
algorithms of the programs. 

The object of the invention is to provide a data 

25 processing device wherein the algorithm of a specific 
program cannot be discovered. This object can be 
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achieved by limiting the number of times the specific 
program is run, prolonging the time taken in running the 
specific program, preventing the continuous running of 
the specific program, and/or preventing each program 
from being run in an order which is not predetermined. 

This invention can be more fully understood from 
the following detailed description when taken in con- 
junction with the accompanying drawings, in which: 

Fig. 1 is a perspective view showing a terminal 
apparatus used in a bank for use with an IC card 
according to a first embodiment of the data processing 
apparatus of the present invention; 

Pig. 2 is a block diagram of the terminal apparatus 
shown . in Fig . 1 ; 

Fig. 3 is a block diagram of the IC card according 
to the first embodiment; 

Fig. 4 is a flow chart of the operation of the 
first embodiment; 

Fig. 5 is a flow chart illustrating the operation 
of a second embodiment of this invention; 

Fig, 6 is a flow chart illustrating the operation 
of a third embodiment of this invention; 

Fig. 7A shows an example of an execution order 
table Ep used in a fourth embodiment of this invention; 

Fig. 7B shows an example of register Ef for 
registering the name of the program which was formerly 
run and register En for registering the name of the 
program which is presently being run, as used in the 
fourth embodiment; and 

Fig. 8 is a flow chart showing the . operation of the 
fourth embod iment • 

A first embodiment of the data processing, device 
according to the present invention will be described 
with reference to the accompanying drawings. 

Banking facilities have recently issued IC 
cards in lieu of bankbooks, which memorize the account 
number and transaction data. The IC card is used in 
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this description as an example of the data processing 
device. The IC card operates with a bank terminal 
unit shown in Figs. 1 and 2 to perform transactions. 

Fig. 1 perspectively shows the bank terminal unit. 
Fig. 2 shows a block circuit thereof. Terminal unit 11 
has CPU 21 for its entire control. CPU 21 is connected 
to ROM 22 storing control programs and to RAM 23 for 
storing data. Also, CPU 21 is connected to keyboard 24 r 
CRT display 25 r printer 26, floppy disc unit 27, IC card 
reader/writer 28 through interface 29, and modem 31 
through interface 32. IC card reader/writer 28 reads 
and writes data in IC card 12 inserted through card 
insertion opening 28 ' • Modem 31 modulates the data fed 
from CPU 21. By using telephone 30 , the modulated data 
are fed through telephone line 13 to a host computer ^ 
etc. Modem 31 demodulates the data fed from the host 
computer, etc. through line 13 and supplies them to 
CPU 21. The data communication between CPU 21 and the 
host computer is performed by coding the data to keep 
the data secret. A program for producing coding key 
data used in the coding process is stored in IC card 12, 
and will be described later. 

Fig. 3 shows the structure of IC card 12. CPU 33, 
which is a microcomputer, is connected to PROM 34 which 
memorizes control programs, e.g., for producing the 
above-mentioned secret coding key data producing program 
necessary for the coding process (hereinafter, a program 
which must be kept secret from the user is referred to 
as a "specific program") and for limiting the running 
of this specific program. PROM 34 also memorizes a 
password assigned to the owner of the IC card. CPU 33 
is also connected to RAM 35 for storing data and to 
connector 36 which is coupled to a connecting pin (not 
shown) provided within IC card reader/writer 28. 

A system comprising the IC card and the bank 
terminal unit is generally operated in the following 
manner. IC card 12 is inserted into insertion 
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opening 28 Connector 36 of IC card 12 is mechanically 
and electrically connected to the connecting pin in IC 
card reader/writer 28. The password is input from 
keyboard 24 ^ and is fed to CPU 33 of IC card 12 through 
5 CPU 21, interface 29 and IC card reader/writer 28. The 
password is then compared with the password stored in 
PROM 34. 

The operation for limiting the number of times 
specific programs are run, which is essential to the 

10 invention, will now be described. Fig. 4 illustrates 

the operation of the first embodiment of the invention. 
In addition to the above-described structure, in the 
first embodiment, PPOM 34 has tables registering the 
names of specific programs, and RAM 35 has execution 

15 counters which count and memorize the number of times 
the corresponding specific programs are run. 

When the power is turned on, the execution counter 
is cleared in Step 1. In Step 2, the name of a program 
to be run is input. In Step 3, the name of the input 

20 program is compared with that of the programs registered 
in the tables to judge whether or not the program to be 
run is the specific program. If it is not the specific 
program, it is run in Step 6. Then, the operation 
returns from Step 6 to Step 2 to wait for the input of 

25 the name of the next program. 

When the program to be run is judged to be the 
specific one. Step 4 judges whether or not the count 
value of the execution counter for that program is below 
a predetermined value. If the value of the execution 

30 counter is below or egual to the predetermined value, "l" 
is counted in the execution counter in Step 5, and the 
routine goes to Step 6 where the program is executed. 
If the value of the execution counter is above the 
predetermined value, the program is not run, and the 

35 operation returns from Step 4 to Step 2 to wait 

for the input of the name of the next program. The 
predetermined value, which is compared with the count 
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value of the execution counter and indicates the maximun 
number of times the specific program is allowed to be 
run, is set above the value at which the specific 
program is normally run from the turn-on to turn-off of 
the power and far below the value at which the algorithm 
of the specific program may be discovered. 

In the first embodiment, unless the power of the 
terminal unit is turned off and then on, the number of 
times the specific program is run is limited. Thus, it 
is impossible to execute the specific program millions 
of times or more to discover the algorithm of the 
specific program. However, as stated above, the 
execution counter is cleared when the power is turned 
on. If the power of the terminal unit is turned off 
and then turned on again to clear the execution counter, 
the predetermined number of times may be increased 
indefinitely. This problem can be eliminated if the 
count value in the execution counter is stored in PROM 
34 before the power is turned off and the execution 
counter is initialized based on the data in PROM 34 each 
time the power is turned on again. 

The description of Fig. 4 does not refer to the 
comparison of the password. Generally, the comparison 
of the password is performed right before the running of 
the program in Step 6. 

A second embodiment of the invention will be 
described hereinafter. Fig. 5 shows the- operation of 
the second embodiment. The IC card of the second 
embodiment has PROM 35 for storing tables registering 
the names of specific programs and tables memorizing a 
predetermined delay time for each specific program. 

When the power is turned on, the name of a program 
to be run is input in Step 11. In Step 12, it is judged 
whether the input program is the specific program. If 
it is not the specific program, the program is run in 
Step 14. Then, the operation returns to Step 11 to wait 
for the input of the name of the next program. On the 
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Other hand, if the input program is the specific one , a 
delay time operation is executed in Step 13 before the 
program is run in Step 14. The delay time is designed 
to be short in consideration of the normal operation. 
However, if the delay time operation is repeated 
millions of times or more, the total delay time becomes 
immense so that it is, in fact, impossible to run the 
specific program many times to discover the algorithm of 
the specific program. 

In Fig. 5, the delay time operation is executed 
before the specific program is run. However, it is 
possible to execute the delay time operation while or 
after the specific program is run. In addition, it is 
possible to register the execution position of the delay 
time program in the above-mentioned registration table 
to change the execution position of the delay time 
program according to each specific program. 

Fig. 6 shows a third embodiment of the invention, 
which is designed to prohibit the continuous running 
of the specific program. As in the first embodiment, 
PROM 34 has tables registering the names of specific 
programs, and RAM 35 has execution counters which count 
and memorize the number of times the corresponding 
specific program is run. 

When the power is turned on, the execution counters 
are cleared in Step 21. In Step 22, the name of a 
program to be run is input. In Step 23,' it is judged 
whether or not the input program is a specific one. If 
the input program is not the specific one, it is run in 
Step 27. Then, the operation returns from Step 27 to 
Step 22 to wait for the input of the name of the next 
program. If the input program is the specific one. 
Step 24 judges whether or not the count value of the 
execution counter is "1". If the count value is not 
"1," "1" is counted in the counter in Step 25, and the 
execution counters excluding that of the present 
specific program are cleared. Thereafter, the routine 
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goes to Step 27 where the program is executed. On the 
other hand, if the count value is "1," the operation 
returns to Step 22 to wait for the input of the name of 
the next program. 

In the third embodiment/ value "1" is set in the 
execution counter right before the specific program is 
run, and the execution counter of the specific program 
is cleared right before another program is run. 
Therefore, the same specific program cannot be 
continuously run. The repeated running of the same 
specific program inevitably involves the running of 
other intervening specific programs. Twice the normal 
time is required to repeat the running of the specific 
prgram. Thus, it is impossible to discover the 
algorithm of the specific program. 

Next, a fourth embodiment will be described. In 
the fourth embodiment, the order of executing each 
program is preset. Because the execution of the 
programs in a different order is impossible, the 
continuous running of the same program is prevented. 
To this end, execution order table Ep as shown in 
Fig. 7A is stored in PROM 34 of IC card 12. Also, RAM 
35 has register Ef for registering the name of the 
formerly run program (or formerly run program name 
register Ef) and register En for registering the name of 
the presently run program (or presently run program name 
register En) as shown in Fig. 7B. Execution order table 
Ep registers program names O, A, C and D in an order 
which allows the programs to be run. Because the 
programs can be run only in the order registered in the 
execution order table Ep, the repeated running of a 
program necessarily involves the running of another 
program and takes a great amount of time. Thus, it is, 
in fact, impossible to discover algorithm by repeating 
the program. 

The above operation will be described in greater 
detail with reference to Fig. 8. When the power is 
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turned on, formerly run program name register Ef is 
cleared in Step 31. In Step 32, the name of the program 
to be run is input to presently run program name 
register En, Step 33 judges whether or not the contents 
5 of registers Ef and Ep have the order registered in 

execution order table Ep. If these contents do not have 
the registered order / the operation goes back to Step 32 
to wait for the input of the name of the next program. 
If they have the registered order. Step 34 transfers the 
10 data from register En to register Ef , and Step 35 runs 
the program. After Step 35, the operation returns to 
Step 32 to wait for the input of the name of the next 
program. 

In the fourth embodiment, since the order of the 
15 programs is predetermined, it is impossible to repeat 
the running of the specific program in an unregistered 
order to discover the algorithm of the specific program. 
In this description, the order of only two programs has 
been predetermined. However, it is possible to 
20 predetermine the order of three or more programs. 

The present invention can provide a data processing 
device wherein the running of a specific program which 
is secret to the user cannot be repeated many times. 
Thus, the discovery of the algorithm of the specific 
25 program is prevented. 
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Claims : 



!• A data processing device comprising: 

memory means for memorizing data and programs; 

arithmetic operation means for running the 
memorized programs; and 

means for judging whether or not a program to be 
run by said arithmetic operation means is a specific 
program^ for counting the number of times the specific 
program is run, and for preventing the specific program 
from being run over predetermined times. 

2. A data processing device comprising: 
memory means for memorizing data and programs; 
arithmetic operation means for running the 

memorized programs; and 

means for judging whether or not a program to be 
run by said arithmetic operation means is a specific 
program and for running a preset delay time program when 
the specific program is run. 

3. A data processing device comprising: 
memory means for memorizing data and programs; 
arithmetic operation means for running the 

memorized programs; and 

means for judging whether or not a program to be 
run by said arithmetic operation means is a specific 
program and for preventing the continuous running of the 
specific program. 

4. The device according to any one of claims 1 
to 3r characterized in that said memory means and 
said arithmetic operation means are constituted by 
semiconductor integrated circuits. 

5. A data processing device comprising: 
memory means for memorizing data and programs; 
arithmetic operation means for running the 

memorized programs; 

order memorizing means for memorizing the execution 

order of the programs; and 
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means for preventing a program from being run by 
said arithmetic operation means, when the order of 
running this program does not coincide with the order 
memorized in said order memorizing means. 

6. The device according to claim 5, characterized 
in that said memory means and said arithmetic operation 
means are constituted by semiconductor integrated 
circuits. 
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@) Data processing device. 

@ An IC card comprises CPU (33), PROM (34) for storing 
programs, and RAM (35) for storing the results of arithmetic 
operations. PROM (34) stores a table on which the names of 
specific programs are registered. RAM (35) has execution 
counters which counts up each time each program is run so 
that the number of times the specific program is run is mem- 
orized. Prior to the running of each program by CPU (33), it is 
judged whether or not the program is a specific one. If it is the 
specific program, the execution counter counts up. When the 
count value of the execution counter is above a pre- 
determined value, the running of the specific program is pre- 
vented. 
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